Skip to content

Reject or explicitly warn on cleartext HTTP workspace repo URLs #1179

Description

@codeforester

Problem

cli/python/base_projects/workspace_manifest.py currently accepts repo URLs starting with http:// alongside HTTPS, SSH, Git, and file URLs.

The docs for workspace manifests and local config say cleartext http:// sources are rejected by default. The implementation and documentation disagree, and accepting HTTP Git URLs exposes repository content and credentials to interception.

Verified from Claude finding: #71.

Desired outcome

Workspace manifest repo URL validation should either reject cleartext HTTP by default or emit an explicit warning behind a deliberate compatibility policy.

Scope

  • Update _validate_repo_url() behavior or docs so they match.
  • Add tests for http:// repo URLs and supported URL forms.
  • Keep local absolute paths and supported secure remote forms working.

Acceptance criteria

  • http:// workspace repo URLs no longer pass silently by default.
  • Docs and implementation agree on accepted source formats.
  • Workspace manifest tests cover the policy.

Metadata

Metadata

Assignees

Labels

securitySecurity hardening or vulnerability work

Type

No type

Fields

No fields configured for issues without a type.

Projects

Status
Done

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions